Pallavi Vittal

Hyderabad

Summary

Growth doesn’t follow a straight line; each chapter of my career has deepened my expertise in information security and governance.

A results-driven Information Security Leader with extensive experience in global security management, compliance, and risk mitigation, I’ve led enterprise-wide security programs, achieved ISO 27001 certification, and guided organizations through SOC audits with zero deviations. I thrive at the intersection of technology, regulation, and business strategy — translating complex security requirements into practical, value-driven solutions that strengthen trust and resilience.

Overview

10 years of professional experience
1 Certification

Work History

Cybersecurity Compliance Expert

Opella Healthcare India Pvt Ltd
03.2025 - 10.2025
  • Assisted in the development of the organization's cybersecurity strategy and roadmap,
    ensuring alignment with enterprise objectives and regulatory expectations.
  • Initiated the groundwork for defining cybersecurity performance metrics (KPIs) to
    support future performance tracking and continuous improvement efforts.
  • Contributed to the design of enterprise-wide cybersecurity awareness and training
    programs, supporting long-term capability building and a strong security culture.
  • Prepared and supported Board and Executive Leadership Team (ELT) reporting,
    translating technical and regulatory information into actionable insights and strategic
    updates.
  • Leading organization-wide efforts to achieve NIS2 Directive compliance, including gap
    assessments, stakeholder alignment, and implementation of required controls and
    reporting mechanisms.

Information Security Manager

Columbus Global Services Pvt Ltd
07.2023 - 03.2025
  • Led the Global IT Security & Governance Team, overseeing comprehensive information security programs and ensuring strict adherence to internal policies and procedures.
  • Conducted thorough risk assessments and reviews across the organization, identifying vulnerabilities and implementing robust mitigation strategies.
  • Analyzed network security and current infrastructure, assessing areas in need of improvement.
  • Collaborated with cross-functional teams to guarantee compliance with industry standards and regulations, including GDPR, NIS2, and ISO 27001, mitigating legal and regulatory risks.
  • Managed supplier risk assessment processes, evaluating third-party vendors to safeguard against potential security threats and vulnerabilities.
  • Reviewed RFPs in partnership with IT and Legal to ensure inclusion of comprehensive cybersecurity clauses and contractual safeguards.
  • Streamlined the vendor security questionnaire process, enhancing efficiency and consistency across supplier evaluations.
  • Conducted Data Protection Impact Assessments (DPIA) and Records of Processing Activities (ROPA) to ensure adherence to data privacy regulations.
  • Drove continuous improvement initiatives, staying abreast of emerging threats and technologies to enhance the organization's security posture.

Information Security Manager

MathCo
04.2021 - 06.2023
  • Managed multiple Information Security programs across the organization and ensured adherence to internal information security policies and procedures.
  • Led the implementation and maintenance of an Information Security Management System certified to the ISO 27001:2013 standard.
  • Worked closely with business teams to help them understand and integrate security requirements into their operations and project lifecycles.
  • Implemented the best practices and procedures that reduced the number of incidents reported. Tracked security training and program compliance, which resulted in a 95% completion rate amongst company personnel.
  • Executed security awareness training and educational initiatives that raised personnel security competencies by 30%, while implementing new security protocols.
  • Successfully managed the SSAE16 SOC 1 Type 2 audit for MathCo, achieving full compliance with no recorded deviations.

Senior Consultant

SiE Brains Technology Pvt Ltd
10.2020 - 03.2021
  • Evaluated clients' needs and created a plan of action to provide solutions.
  • Assessed vendors' operational and IT controls to identify and remediate compliance issues. Created processes for vendor due diligence, onboarding, and mitigation plans for any identified risks.
  • Performed assessments based on the inherent risk of services provided using questionnaires and control programs like SIG.
  • Ensured IT governance compliance with SOX and other internal control requirements by performing tests for compliance with segregation of duties.

Business Solutions Advisor

Deloitte USI
01.2019 - 08.2020
  • Conducted comprehensive risk assessments and consulted with clients to identify internal and external processes and risks and ensure that adequate controls are in place.
  • Participated in various risk-related assignments, as needed. Coordinated & performed vendor reviews.
  • Tracked and reported the remediation status of findings/issues identified during the information security risk assessments.
  • Analyzed the security posture of the organization by assessing the design implementation of security controls in the areas of access controls, network security, physical and environmental security, risk management, business continuity and other information security domains.

Operational Risk Consultant

Wells Fargo India Solutions Pvt Ltd
04.2017 - 10.2018
  • Developed risk assessment matrices and templates to increase visibility of risks and facilitate decision making.
  • Conducted reviews, prepared reports and summarized results for management to understand and carry out corrective action.
  • Designed & executed test plans, test cases, test scripts/procedures and gap analysis to ensure that business requirements and functional specifications were tested and fulfilled.
  • Performed independent testing and evaluation of existing internal controls and monitoring systems, evaluating the design and operating effectiveness of those controls.

Risk Analyst

EY Global Delivery Services
06.2015 - 03.2017
  • Assisted with the implementation of data-driven audit processes to improve efficiency while maintaining quality.
  • Reduced compliance risk exposure in evaluating client data and delivering accurate and timely reports.
  • Developed and enforced internal control procedures to ensure compliance with local regulations and global standards.
  • Reviewed internal controls to ensure efficient & effective operations.
  • Reviewed & re-performed internal auditors' report and prepared a list of recommendations.

Education

MBA - Computer And Information Sciences

ICFAI University
Tripura, India
12-2021

Bachelor in Computer Application - Computer Application

Jain University
Bengaluru, India
05-2015

Skills

  • Information Security
  • Governance Risk & Compliance
  • SOX 404
  • ISO/IEC 27001:2013 & 2022
  • COSO
  • COBIT
  • GDPR
  • Data Privacy
  • NIS2 Directive
  • Cyber Essentials

Accomplishments

    Cybersecurity Compliance Initiatives

    Facilitated multiple cybersecurity compliance initiatives, aligning with industry standards and enhancing the organization’s risk management framework to achieve sustained security maturity.

    Security Awareness & Training

    Facilitated organization-wide security awareness programs, achieving a 95% completion rate among personnel and significantly strengthening the overall security culture.

    Risk Management

    Facilitated the successful SSAE16 SOC 1 Type 2 audit at MathCo with no recorded deviations. Identified long-standing security risks and collaborated closely with the IT team to mitigate them effectively without disrupting business operations, ensuring both security integrity and business continuity.

    IT Standards & Process Development

    Developed and implemented IT security standards and procedures to guide teams in following consistent, compliant, and efficient processes, improving operational alignment and reducing security gaps.

Certification

  • ISO/IEC 27001:2013 Lead Implementer
    BSI | April 2020
  • ISO/IEC 27001:2022 Lead Auditor
    The Knowledge Academy | September 2023
  • Advanced Executive Program in Cybersecurity
    IIIT-Bengaluru | April 2022
